mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-16 22:20:56 +00:00
New all.sh wrapper with reduced scope (CI only)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
a4f0227669
commit
6ffebef9c4
@ -5,92 +5,98 @@
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
|
||||
# During the transition of CI associated with the repo split,
|
||||
# we want all.sh from the mbedtls repo to transparently run both
|
||||
# mbedtls and tf-psa-crypto components.
|
||||
# This is what this wrapper is about.
|
||||
# Once the transition is over, this wrapper can be removed,
|
||||
# and mbedtls-all.sh renamed again to all.sh.
|
||||
#
|
||||
# This wrapper is mostly for the CI's benefit. Developers probably want to
|
||||
# directly invoke one or two of the following commands:
|
||||
# This is a transitional wrapper that's only meant for the CI.
|
||||
# Developers should directly invoke on or two of:
|
||||
# - tests/scripts/mbedtls-all.sh ...
|
||||
# - (cd tf-psa-crypto && tests/scripts/all.sh ...)
|
||||
#
|
||||
# During the transition, it's illegal for a tf-psa-crypto component to have
|
||||
# the same name as an mbedtls components; since this wrapper handles both
|
||||
# sides at once, component names need to be globally unique. Once the
|
||||
# transition period is over, unicity on each side will be enough.
|
||||
#
|
||||
# For context, here are the steps of the transition:
|
||||
# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly
|
||||
# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto
|
||||
# doesn't have its own CI initially and runs Mbed TLS's instead.)
|
||||
# 2. We move all relevant components to tf-psa-crypto so that it gets the level of
|
||||
# coverage we want. We need to make sure the new names are unique.
|
||||
# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running
|
||||
# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and
|
||||
# running its all.sh. (In two steps: (a) add the new job, (b) remove the old
|
||||
# one.)
|
||||
# 4. We remove the transitional wrapper in mbedtls and we're now free to rename
|
||||
# tf-psa-crypto components as we want. If we followed a consistent naming
|
||||
# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh.
|
||||
|
||||
# This script must be invoked from the project's root.
|
||||
|
||||
# There are exactly 4 ways this is invoked in the CI:
|
||||
# 1. tests/scripts/all.sh --help
|
||||
# 2. tests/scripts/all.sh --list-all-components
|
||||
# 3. tests/scripts/all.sh --list-components
|
||||
# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name
|
||||
# This wrapper does not support other invocations.
|
||||
|
||||
set -eu
|
||||
|
||||
# Cases 1-3
|
||||
if [ "$#" -eq 1 ]; then
|
||||
if [ "$1" = '--help' ]; then
|
||||
# It doesn't matter which one we use, they're the same
|
||||
tests/scripts/mbedtls-all.sh "$1"
|
||||
exit 0
|
||||
fi
|
||||
if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then
|
||||
# Invoke both
|
||||
tests/scripts/mbedtls-all.sh "$1"
|
||||
(cd tf-psa-crypto && tests/scripts/all.sh "$1")
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$#" -ne 4 -o "$1" != '--seed' -o "$3" != '--keep-going' ]; then
|
||||
echo "This invocation is not supported by the transitional wrapper." >&2
|
||||
echo "See the comments at the top of $0." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Case 4: invoke the right all.sh for this component
|
||||
comp_name=$4
|
||||
|
||||
# Get the list of components available on each side.
|
||||
COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | sort)
|
||||
COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | sort)
|
||||
COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ')
|
||||
COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ')
|
||||
|
||||
# Error out if any component is available on both sides
|
||||
COMMON=$(comm -12 <(echo "$COMP_MBEDTLS") <(echo "$COMP_CRYPTO") | tr '\n' ' ')
|
||||
if [ -n "$COMMON" ]; then
|
||||
echo "The following components are duplicated: $COMMON" >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
# all.sh complains when a component is requested explicitly but is not
|
||||
# available. However, here we actually run two instances of all.sh, so when
|
||||
# requesting one component epxlicitly, at least one instance is not going to
|
||||
# know about it. So, when invoking each side, remove the other side's
|
||||
# components from its command line. This is safe because we know from above
|
||||
# that no component is on both sides.
|
||||
|
||||
# mbedtls args are global args without the crypto components
|
||||
COMP_CRYPTO=$(echo $COMP_CRYPTO | tr '\n' ' ')
|
||||
for arg in "$@"; do
|
||||
case " $COMP_CRYPTO " in
|
||||
*" $arg "*) ;;
|
||||
*) mbedtls_args+=( $arg ) ;;
|
||||
# tell if $1 is in space-separated list $2
|
||||
is_in() {
|
||||
needle=$1
|
||||
haystack=$2
|
||||
case " $haystack " in
|
||||
*" $needle "*) echo 1;;
|
||||
*) echo 0;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
# crypto args are global args without the mbedtls components
|
||||
COMP_MBEDTLS=$(echo $COMP_MBEDTLS | tr '\n' ' ')
|
||||
for arg in "$@"; do
|
||||
case " $COMP_MBEDTLS " in
|
||||
*" $arg "*) ;;
|
||||
*) crypto_args+=( $arg ) ;;
|
||||
esac
|
||||
done
|
||||
is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO")
|
||||
is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS")
|
||||
|
||||
# Note: don't print debug info on what commands are being run, because we
|
||||
# don't want to pollute the output especially when --list-components is used.
|
||||
|
||||
# call mbedtls's all.sh
|
||||
set +e
|
||||
tests/scripts/mbedtls-all.sh "${mbedtls_args[@]}"
|
||||
mbedtls_exit=$?
|
||||
set -e
|
||||
if [ $mbedtls_exit -ne 0 ]; then
|
||||
echo "mbedtls-all.sh exited $mbedtls_exit" >&2
|
||||
# Component should be on exactly one side (see comment near the top).
|
||||
if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then
|
||||
echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2
|
||||
echo "See the comments at the top of $0." >&2
|
||||
exit 1
|
||||
fi
|
||||
if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then
|
||||
echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2
|
||||
echo "See the comments at the top of $0." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# if it returned non-zero, should we keep going?
|
||||
if [ $mbedtls_exit -ne 0 ]; then
|
||||
case " $@ " in
|
||||
*" --keep-going "*) ;; # fall through and run tf-psa-crypto's all.sh
|
||||
*) exit $mbedtls_exit;;
|
||||
esac
|
||||
fi
|
||||
|
||||
# call tf-psa-crypto's all.sh
|
||||
set +e
|
||||
(cd tf-psa-crypto && tests/scripts/all.sh "${crypto_args[@]}")
|
||||
crypto_exit=$?
|
||||
set -e
|
||||
if [ $crypto_exit -ne 0 ]; then
|
||||
echo "tf-psa-crypto's all.sh exited $crypto_exit" >&2
|
||||
fi
|
||||
|
||||
# return an appropriate exit code
|
||||
if [ $mbedtls_exit -ne 0 ]; then
|
||||
echo "mbedtls-all.sh exited $mbedtls_exit" >&2
|
||||
echo "Please scroll up for a summary of errors in mbedtls-all.sh" >&2
|
||||
exit $mbedtls_exit
|
||||
# Invoke the real thing
|
||||
if [ "$is_crypto" -eq 1 ]; then
|
||||
cd tf-psa-crypto
|
||||
exec tests/scripts/all.sh "$@"
|
||||
else
|
||||
exit $crypto_exit
|
||||
exec tests/scripts/mbedtls-all.sh "$@"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user